4 files changed, 5 insertions, 15 deletions
diff --git a/security/capability.c b/security/capability.c
index ec18d6075625..f9b35cc0b248 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -49,8 +49,6 @@ static struct security_operations capability_ops = {
        .vm_enough_memory =             cap_vm_enough_memory,
 };
-#define MY_NAME __stringify(KBUILD_MODNAME)
 /* flag to keep track of how we were registered */
 static int secondary;
@@ -67,7 +65,7 @@ static int __init capability_init (void)
        /* register ourselves with the security framework */
        if (register_security (&capability_ops)) {
                /* try registering with primary module */
-                if (mod_reg_security (MY_NAME, &capability_ops)) {
+                if (mod_reg_security (KBUILD_MODNAME, &capability_ops)) {
                        printk (KERN_INFO "Failure registering capabilities "
                                "with primary security module.\n");
                        return -EINVAL;
@@ -85,7 +83,7 @@ static void __exit capability_exit (void)
                return;
        /* remove ourselves from the security framework */
        if (secondary) {
-                if (mod_unreg_security (MY_NAME, &capability_ops))
+                if (mod_unreg_security (KBUILD_MODNAME, &capability_ops))
                        printk (KERN_INFO "Failure unregistering capabilities "
                                "with primary module.\n");
                return;
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 71aeb12f07c8..591e98d9315a 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -238,5 +238,4 @@
   S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom")
+   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index d1d0996049e3..d7f02edf3930 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -908,8 +908,7 @@
 #define ASSOCIATION__SENDTO                       0x00000001UL
 #define ASSOCIATION__RECVFROM                     0x00000002UL
-#define ASSOCIATION__RELABELFROM                  0x00000004UL
+#define ASSOCIATION__SETCONTEXT                   0x00000004UL
-#define ASSOCIATION__RELABELTO                    0x00000008UL
 #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
 #define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index c4d87d4dca7b..5b7776504e4c 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -137,15 +137,9 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us
         * Must be permitted to relabel from default socket type (process type)
         * to specified context
         */
-        rc = avc_has_perm(tsec->sid, tsec->sid,
-                          SECCLASS_ASSOCIATION,
-                          ASSOCIATION__RELABELFROM, NULL);
-        if (rc)
-                goto out;
        rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
                          SECCLASS_ASSOCIATION,
-                          ASSOCIATION__RELABELTO, NULL);
+                          ASSOCIATION__SETCONTEXT, NULL);
        if (rc)
                goto out;